
UAPI socket for the macOS sandboxed WireGuard app

Open nohajc opened this issue 2 years ago • 10 comments

This change makes it possible to configure tunnels created by the App Store WireGuard UI using wg and wgctrl-go.

It's an implementation of this suggestion: https://github.com/WireGuard/wgctrl-go/issues/96#issuecomment-1216933842

Because the app is sandboxed, you cannot create the socket in its usual location (/var/run/wireguard). It should be possible to configure an exception for the path, but in practice it only works with regular files and not Unix domain sockets. That's why I create the socket inside the app's sandbox folder instead (~/Library/Containers/com.wireguard.macos.network-extension/Data).

I'm also submitting pull requests to modify wireguard-apple, wireguard-go and wireguard-tools to work with this alternative path.

https://github.com/WireGuard/wireguard-apple/pull/27
https://github.com/WireGuard/wireguard-go/pull/89
https://github.com/WireGuard/wireguard-tools/pull/21

nohajc avatar Sep 09 '23 13:09 nohajc

Great contribution :)

I could really use this feature too. It would be great if we could get this merged.

stv0g avatar Sep 11 '23 08:09 stv0g

@mdlayher, @zx2c4 Do you have a suggestion for how we could bring this forward? Maybe posting it on the mailing list? Or sending a patch that way?

stv0g avatar Sep 25 '23 12:09 stv0g

I'm also interested in this. Should I initiate it? That is, sending the patches or perhaps asking for push access to the original repos' feature branches... I understand some of the repositories are only mirrors here on GitHub but I've seen previous pull requests being cherry-picked.

Anyway, it would be nice to hear from others whether they think this is useful and also satisfactory in the current form.

nohajc avatar Oct 02 '23 21:10 nohajc

Starting a conversation on the mailing list seems like the appropriate place. It's not clear to me how these pieces fit together yet and I'd rather have a plan worked out before merging code here.

mdlayher avatar Oct 02 '23 22:10 mdlayher

> Starting a conversation on the mailing list seems like the appropriate place. It's not clear to me how these pieces fit together yet and I'd rather have a plan worked out before merging code here.

Ok, I sent an email to [email protected], awaiting response. I assume it's not required to subscribe. I can't see my message in the archive yet, though I have no idea how often it is updated.

I didn't generate the git patches because it looked like I'd have to send one email for each repo which didn't seem very practical to me.

Please, let me know if there's anything else I should do. Thanks.

nohajc avatar Oct 09 '23 17:10 nohajc

No worries about the patches at the moment. I just want to make sure we get Jason's thoughts on everything and how the pieces fit together.

mdlayher avatar Oct 09 '23 18:10 mdlayher

Question: Do I have to subscribe to the mailing list first? Because I sent an email two weeks ago, haven't got any response and it didn't even show up in the archive.

nohajc avatar Oct 25 '23 17:10 nohajc

@mdlayher @zx2c4 Ok, I really don't know what to do here. I sent an email to the mailing list twice. I got no response and it didn't even show up in the archive.

To be honest, this mailing list policy and apparent lack of any interest in PRs coming from GitHub is kind of discouraging. I've been more than willing to answer any questions regarding the suggested changes but nobody seems to care.

nohajc avatar Nov 17 '23 15:11 nohajc

I haven't had a chance to look into this yet. Sorry for the delay.

zx2c4 avatar Nov 17 '23 15:11 zx2c4

> I haven't had a chance to look into this yet. Sorry for the delay.

I understand it's probably low priority but it's also a fairly small change...

nohajc avatar Jan 04 '24 23:01 nohajc